this post was submitted on 05 May 2026
198 points (97.6% liked)

Technology

84358 readers
115 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
198
A Security Researcher Decompiled The White House App, & What They Found Is Pretty Alarming (www.androidheadlines.com)
submitted 1 day ago by sanitation@lemmy.radio to c/technology@lemmy.world
25 comments fedilink hide all child comments
top 25 comments
sorted by: hot top controversial new old
[–] TachyonTele@piefed.social 87 points 1 day ago* (last edited 1 day ago) (5 children)

And it gets even stranger. Apparently, the app is loading JavaScript from a random person’s GitHub site for YouTube embeds. Yes, you read that right, it’s just loading JavaScript from a random GitHub site.

It also pings your location every four minutes. But man, a random github is gold. These morons have the full power of the United States at their fingertips, and they use it to... load JS from a random github while tracking you.

[–] Sickday@kbin.earth 59 points 1 day ago (2 children)

Can you imagine The United States Government getting hit with a JS supply chain attack due to sheer stupidity? What a time to be alive

[–] Hawke@lemmy.world 22 points 1 day ago

It would be impossible to distinguish the malware from the apps intended function

[–] TachyonTele@piefed.social 26 points 1 day ago

Someone convincing enough could easily just tell them theres an attack. I have a feeling they wouldn't have any idea how to check.

[–] AuroraZzz@lemmy.world 33 points 1 day ago (1 children)

Bc they used AI to write it. Why random stuff is included in the app for no reason

[–] TachyonTele@piefed.social 15 points 1 day ago

That would make sense. Ugh

[–] felixwhynot@lemmy.world 21 points 1 day ago (2 children)

Nerd nit (sorry): if you want to abbreviate “JavaScript” please use “JS” because Java is a different thing. Sorry!

PS thanks for posting the quote

[–] pingu@piefed.europe.pub 17 points 1 day ago

Extra nerd nit: If you want to abbreviate the postscript announcement, please use "p.s" because PostScript is a different thing!

p.s. thanks for pointing out the difference between Java and JavaScript

[–] TachyonTele@piefed.social 4 points 1 day ago

Nerd alert!
(I kidd, thank you for the correction)

[–] TheTimeKnife@lemmy.world 9 points 1 day ago

Its honestly incredible how dumb these people are.

[–] vrek@programming.dev 7 points 1 day ago (1 children)

Based on how open source currently is funded and it's a random github source. I wonder if, hypothetically, could iran send the owner a dm offering say $500k and get complete access to the phones of everyone running this app. I could see this being default installed on company phones if you work for the white house or federal government.

Don't make the github changes noticeable, keep the app working, but for example when it checks your location and sends that home imagine a slight change to also include complete browser history or list of installed apps.

One of trump's yes men receives a message "do what I ask or I'll publish that you have grindr installed, your account name, and all the people you swiped right on..." that could give them insane power over the US government.

[–] TachyonTele@piefed.social 5 points 1 day ago (1 children)

Sure, why not. If people were as competent as the movies theyd have already owned the apps data.

[–] vrek@programming.dev 5 points 1 day ago

Hey, it's cheaper than a single missile...

[–] IWW4@lemmy.zip 57 points 1 day ago

Is anyone surprised that one of the most if not the most incompetent and corrupt administrations in the history of the US is churning out shit that is corrupt and messed up?

This administration doesn’t live in reality so I am sure whoever was building that thing sure didn’t feel like anyone wants to hear about problems.

[–] floquant@lemmy.dbzer0.com 30 points 1 day ago

If you are wondering if it's because of incompetence or malice, it's both.

[–] Sxan@piefed.zip 38 points 1 day ago (1 children)

Hardcoded:

root_username: putin  
root_password: i_luv_russia
[–] gdog05@lemmy.world 15 points 1 day ago (1 children)

Username would be Krasnov I think

[–] redditmademedoit@piefed.zip 21 points 1 day ago

krasnov only gets you basic access. For admin privileges you need to sign in with putin.

[–] chrash0@lemmy.world 31 points 1 day ago (2 children)

WordPress powering the backend through a custom REST API. That’s pretty normal, as nearly 42% of all websites on the internet are powered by WordPress.

is this normal? of course WordPress is popular for websites, but why a REST API? most of this seems just like shoddy junior work. probably vibe coded by someone who thinks software engineering is obsolete

[–] MonkderVierte@lemmy.zip 21 points 1 day ago* (last edited 1 day ago)

Actually, Wordpress is made for blogs and the plugin architecture (to do things like shopify) has heavy security issues. If you don't make a very basic blog, use a different framework. And if you do, better look into static site generators.

[–] nykula@piefed.social 15 points 1 day ago

Because their app is essentially a website. News, videos, photo galleries. WP REST API is useful for writing a front-end using a different language than PHP while keeping the very convenient admin interface that most content managers are familiar with.

[–] abbiistabbii@piefed.blahaj.zone 13 points 1 day ago

Have you ever noticed that 90% of all government-owned /designed apps are absolutely horrific nightmares?

Do you think government is promoting this gov.uk app and I look at it in exactly the same way I think of full strength everclear: absolute concern.